开发者

can we resign the already signed jars in java?

问答 作者:

I've a .jar file with an old signature and want to resign it with a new signature. Is it possible开发者_Go百科?

If it is possible: how to do it?

If the signature is not one you own, you would need to unjar the jar first.

Like so (assume unix, translate to dos otherwise):

jar xvf JarName.jar

rm -rf META-INF

jar cvf JarName.jar *

Now you need to run jarsigner to sign the jar 

jarsigner -keystore /yourkeystoredirectory/mystore -storepass yourpass
      -keypass yourkeypasswd JarName.jar keyname

If you don't have a keystore, you can create one with keytool.

I found a better solution on https://www.chemaxon.com/forum/viewpost35555.html#35555

  1. Remove files with ".SF" or ".RSA" extension from the META-INF folder inside the jar.
  2. Delete signing checksums from META-INF/MANIFEST.MF: each "Name" and "SHA1-Digest" fields should be deleted from META-INF/MANIFEST.MF.

A more comprehensive documentation can be found on the oracle documentation: https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File (for example there can be ".DSA" files in the META-INF folder, and files beginning with "SIG-" )

You can extract the class files and re-jar them with your signature

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9